IBM Security Identity Governance and Intelligence, Version 5.2.3.1

Authenticating users from an external user registry to the Local Management Interface

You can choose to use an external user registry, in place of the default custom registry, to designate which users can authenticate to the local management interface (LMI) of the virtual appliance.

Specify users or groups of users that are defined in a directory server in the LMI Authentication Configuration details window. The directory servers that are provided by IBM® Security Directory Server or by Microsoft Active Directory are supported.

This option applies only to the local management interface of the virtual appliance. It does not apply to the virtual appliance command line interface.

A disruption of the connection between the virtual appliance and the directory server might prevent the users of the external registry from accessing the LMI. While the connection is disrupted, only the admin@local user can log in to the LMI. The admin@local user credentials are based on the local operating system user registry; they are automatically set equal to those of admin during the initialization of the virtual appliance. Until the connection is restored, admin@local is the only user who can access and manage the virtual appliance from the LMI. This also applies in a clustered environment.

In the LMI Authentication Configuration details window, you are asked to provide the host of the directory server, the port number, whether to use SSL encryption, the principal distinguished name, the password, the location, and the filters for the users or user groups that can authenticate.

If you use SSL encryption, you can accept a default certificate or import your own certificate into the Local Management Interface key store. If you delete the certificate, the users from the external registry can no longer log in to the LMI. Only the admin@local user can log in and either import a new certificate or reconfigure the LMI Authentication Configuration details to generate a new default certificate.

Users who are authenticated from the external registry have their actions logged by the system audit. Every event in the event log of the virtual appliance includes the ID of the user who triggered the event.

Attention: When a failback or failover recovery procedure is run on a virtual appliance with LMI Authentication configured, the event log reports admin@local in place of the user who actually ran the procedure.